Suspicious.MH690


Suspicious.MH690

Post by grutz on Sat 13 Nov 2010, 8:30 pm

Can someone help with this worm please. Symantec keeps quarantining infected temp files.

I'm running Win7 64bit. Here is the hijackthis log. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:38 p.m., on 13/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Users\shoota\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - [You must be registered and logged in to see this link.] Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000
O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10643 bytes

grutz

Newbie Surfer

Posts : 19
Joined : 2010-11-13
Operating System : win7
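As an added example (my own code, not from the thread or any GeekPolice tool), a Python triage pass over HijackThis log lines in the format posted above. It flags orphaned CLSIDs, hosts entries pointing at non-loopback addresses and autoruns from user-writable folders, and downgrades "file missing" system services, which the 32-bit HijackThis 2.0.2 reports on x64 Windows because of WOW64 redirection. The sample lines are copied from the log above plus one constructed hosts entry.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; it is not a GeekPolice tool and not part of
HijackThis. It applies the checks a helper does by eye to the log above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one synthetic O1 line (203.0.113.7 is a documentation address) so that the
# hosts-file check has something to flag.
SAMPLE_LOG = r"""
Platform: Unknown Windows (WinNT 6.01.3504)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 update.example.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cdloader] "C:\Users\shoota\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
""".strip()

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{0,2}) - (?P<body>.+)$")
LOOPBACK = {"127.0.0.1", "::1"}
# Locations a non-admin user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\Documents and Settings\\", re.IGNORECASE
)
# A service binary under the Windows directory that HijackThis says is missing.
MISSING_SYSTEM_BINARY = re.compile(r" - (C:\\Windows\\\S+) \(file missing\)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str       # HijackThis section code
    severity: str   # "review" = a human should look; "info" = explainable noise
    reason: str
    line: str


def is_wow64_log(text: str) -> bool:
    """HijackThis 2.0.2 is a 32-bit program. On x64 Windows it runs under
    WOW64, which redirects System32 to SysWOW64, so it cannot find the real
    system binaries and reports Microsoft services as '(file missing)'.
    Paths containing 'Program Files (x86)' or 'SysWOW64' show the log came
    from an x64 machine."""
    return "Program Files (x86)" in text or "SysWOW64" in text


def triage(text: str) -> List[Finding]:
    wow64 = is_wow64_log(text)
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines such as "Platform:" and "Running processes:"
        code, body = match.group("code"), match.group("body")
        if code in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(code, "review",
                "registered CLSID whose DLL is gone (orphan, or a removed loader)", line))
        elif code == "O1":
            address = body.split(":", 1)[1].split()[0]
            if address not in LOOPBACK:
                findings.append(Finding(code, "review",
                    "hosts entry pointing a name at a non-loopback address", line))
        elif code == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(code, "review",
                "autorun executable lives in a user-writable directory", line))
        elif code == "O23" and body.endswith("(file missing)"):
            if wow64 and MISSING_SYSTEM_BINARY.search(body):
                findings.append(Finding(code, "info",
                    "system service reported missing; expected WOW64 artefact of 32-bit HijackThis", line))
            else:
                findings.append(Finding(code, "review",
                    "service whose binary cannot be found", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a helper sees at a glance what needs eyes."""
    counts = {"review": 0, "info": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{finding.severity:6}] {finding.code}: {finding.reason}")
        print(f"         {finding.line}")
    print(summarize(results))
```

Running it against the full log above gives one "info" line per Microsoft service marked "(file missing)" and a single "review" O4 line for the cdloader entry under AppData, which is what a helper would want to look at first.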

Re: Suspicious.MH690

Post by DragonMaster Jay on Sat 13 Nov 2010, 10:10 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Suspicious.MH690

Post by grutz on Sun 14 Nov 2010, 6:07 am

Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5108

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/11/2010 7:51:57 a.m.
mbam-log-2010-11-14 (07-51-57).txt

Scan type: Quick scan
Objects scanned: 163424
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Suspicious.MH690

Post by grutz on Sun 14 Nov 2010, 6:21 am

You didn't think it was going to be this easy did you ;)

Symantec is quarantining heaps of temp files now.

Re: Suspicious.MH690

Post by DragonMaster Jay on Mon 15 Nov 2010, 5:03 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 2:44 am

Thanks DragonMaster Jay, here is the log.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5dee8f3637c79748b1f6853ad1856b93
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-15 07:37:31
# local_time=2010-11-15 08:37:31 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 3225388 3225388 0 0
# compatibility_mode=768 16777215 100 0 10693375 10693375 0 0
# compatibility_mode=1024 16777215 100 0 20751011 20751011 0 0
# compatibility_mode=5891 16776893 100 100 0 19465284 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=4594
# found=0
# cleaned=0
# scan_time=366
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5dee8f3637c79748b1f6853ad1856b93
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-15 10:08:02
# local_time=2010-11-15 11:08:02 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 3225853 3225853 0 0
# compatibility_mode=768 16777215 100 0 10693840 10693840 0 0
# compatibility_mode=1024 16777215 100 0 20751476 20751476 0 0
# compatibility_mode=5891 16776893 100 100 0 19465749 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=270383
# found=3
# cleaned=3
# scan_time=8934
C:\Program Files (x86)\Sony\DVD Architect Pro 4.5\Keygen_Clean.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Temp\Vegas Pro 9e\SonyVegasPro9e_xlj\Keygen_Clean.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Documents\New folder\Vegas\SonyVegasPro9e_xlj\Keygen_Clean.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 3:09 am

After the scan I'm still getting heaps of infected temp files, like before.

Re: Suspicious.MH690

Post by DragonMaster Jay on Tue 16 Nov 2010, 6:05 am

TFC Temp. File Clean

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Dr Web CureIt!

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 5:43 pm

I just tried posting the log but maybe it is too big. Anyway, it found two files that belong to a program I have not used for many years. The program (Prime95) was a torture test for CPUs we used when overclocking the Durons when they came out in the late 1990s. So these two files are not the problem. I'll try and post the log again straight after this post.

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 5:49 pm

Breaking the log up, as the whole log has miles too many characters.

Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2010-11-16, 10:12:22 [SHOOTA-PC][shoota]
Command line: "C:\Users\shoota\AppData\Local\Temp\43E32C4D-A007CA10-7BDDD27C-A9B873F5\c5549_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Seven Ultimate x64/WOW (Build 7600)
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1719665
[Self-checking] C:\Users\shoota\AppData\Local\Temp\43E32C4D-A007CA10-7BDDD27C-A9B873F5\c5549_xp.exe
Key file: C:\Users\shoota\AppData\Local\Temp\43E32C4D-A007CA10-7BDDD27C-A9B873F5\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-18
License key expires on: 2011-03-21
Process in memory: C:\Windows\System32\smss.exe:340 - OK
Process in memory: C:\Windows\System32\csrss.exe:460 - OK
Process in memory: C:\Windows\System32\csrss.exe:536 - OK
Process in memory: C:\Windows\System32\wininit.exe:544 - OK
Process in memory: C:\Windows\System32\services.exe:592 - OK
Process in memory: C:\Windows\System32\lsass.exe:608 - OK
Process in memory: C:\Windows\System32\lsm.exe:616 - OK
Process in memory: C:\Windows\System32\svchost.exe:716 - OK
Process in memory: C:\Windows\System32\svchost.exe:796 - OK
Process in memory: C:\Windows\System32\winlogon.exe:852 - OK
Process in memory: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe:944 - OK
Process in memory: C:\Windows\System32\atiesrxx.exe:156 - OK
Process in memory: C:\Windows\System32\svchost.exe:200 - OK
Process in memory: C:\Windows\System32\svchost.exe:812 - OK
Process in memory: C:\Windows\System32\svchost.exe:1028 - OK
Process in memory: C:\Windows\System32\svchost.exe:1180 - OK
Process in memory: C:\Windows\System32\atieclxx.exe:1268 - OK
Process in memory: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:1312 - OK
Process in memory: C:\Windows\System32\svchost.exe:1356 - OK
Process in memory: C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe:1608 - OK
Process in memory: C:\Windows\System32\spoolsv.exe:1928 - OK
Process in memory: C:\Windows\System32\svchost.exe:1968 - OK
Process in memory: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe:1148 - OK
Process in memory: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe:1248 - OK
Process in memory: C:\Program Files (x86)\Bonjour\mDNSResponder.exe:1552 - OK
Process in memory: C:\Windows\System32\svchost.exe:1664 - OK
Process in memory: C:\Windows\System32\taskhost.exe:2144 - OK
Process in memory: C:\Windows\System32\dwm.exe:2244 - OK
Process in memory: C:\Windows\explorer.exe:2288 - OK
Process in memory: C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe:2404 - OK
Process in memory: C:\Windows\System32\svchost.exe:2548 - OK
Process in memory: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe:2764 - OK
Process in memory: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe:2840 - OK
Process in memory: C:\Program Files\Microsoft Security Essentials\msseces.exe:1632 - OK
Process in memory: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe:2448 - OK
Process in memory: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe:3168 - OK
Process in memory: C:\Program Files (x86)\Skype\Phone\Skype.exe:3360 - OK
Process in memory: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:3560 - OK
Process in memory: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe:3768 - OK
Process in memory: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:3776 - OK
Process in memory: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe:3784 - OK
Process in memory: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac:3824 - OK
Process in memory: C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:3840 - OK
Process in memory: C:\Windows\System32\svchost.exe:4032 - OK
Process in memory: C:\Windows\System32\SearchIndexer.exe:4076 - OK
Process in memory: C:\Program Files\Windows Media Player\wmpnetwk.exe:4116 - OK
Process in memory: C:\Windows\System32\svchost.exe:3328 - OK
Process in memory: C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe:3692 - OK
Process in memory: C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe:4900 - OK
Process in memory: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe:3672 - OK
Process in memory: C:\Windows\splwow64.exe:252 - OK
Process in memory: C:\Windows\SysWOW64\ctfmon.exe:3440 - OK
Process in memory: C:\Users\shoota\Downloads\drweb-cureit.exe:444 - OK
Process in memory: C:\Users\shoota\AppData\Local\Temp\43E32C4D-A007CA10-7BDDD27C-A9B873F5\967b47.exe:5068 - OK
Process in memory: C:\Windows\SysWOW64\ctfmon.exe:3820 - OK
Process in memory: C:\Users\shoota\AppData\Local\Temp\43E32C4D-A007CA10-7BDDD27C-A9B873F5\c5549_xp.exe:1008 - OK
Process in memory: C:\Windows\System32\SearchProtocolHost.exe:1952 - OK
Process in memory: C:\Windows\System32\SearchFilterHost.exe:4452 - OK
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK

grutz

Newbie Surfer

Posts : 19
Joined : 2010-11-13
Operating System : win7

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 5:54 pm

Here are the two entries that matter.
C:\Users\shoota\Documents\40GB Drive\Downloads\_Utilities\PRIME95\HTTPNET.DLL infected with Trojan.DownLoader.origin - incurable - moved
C:\Users\shoota\Documents\4Gb2_USB\PRIME95\HTTPNET.DLL infected with Trojan.DownLoader.origin - incurable - moved

The next part is the bottom of the log.

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 78332
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 98 Kb/s
Scan time: 8:26:04

Re: Suspicious.MH690

Post by grutz on Tue 16 Nov 2010, 5:56 pm

I had mentioned at the beginning that I was using win7 64bit, but I knew where to find the log.

Re: Suspicious.MH690

Post by DragonMaster Jay on Wed 17 Nov 2010, 5:11 pm

We Need to Diagnose a Possible Problem with WGA
  1. Please download MGADiag and save it to your desktop.
  2. Double click the icon on your desktop.
  3. Push
  4. Push
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.

~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Suspicious.MH690

Post by grutz on Wed 17 Nov 2010, 6:28 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0



Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {CA9806A3-D28D-4882-BB83-0540AEE0A2CF}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office FrontPage 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: ~[Filtered]~

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-5129-7600.0000-0482010
Installation ID: 014984840863174571799925775272017991638444325042429292
Processor Certificate URL: [You must be registered and logged in to see this link.]
Machine Certificate URL: [You must be registered and logged in to see this link.]
Use License URL: [You must be registered and logged in to see this link.]
Product Key Certificate URL: [You must be registered and logged in to see this link.]
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 17/11/2010 8:25:58 p.m.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:30:2010 09:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABQABAAEAAAACAAAAAgABAAEAonY4tmo5SmoQc3ymiIJKNPiDsK+aiFCuYggm/nZW

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC DELL QA09
OSFR DELL DELL
SSDT PmRef CpuPm



Re: Suspicious.MH690

Post by grutz on Wed 17 Nov 2010, 6:29 pm

What is WGA?

Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 4:51 am

Hi DragonMaster Jay

I am getting huge amounts of infected temp files. I've noticed that it is only when I am on the net, i.e. when I open Firefox. I stopped Firefox and changed my default browser to IE8 and the infections have stopped. I don't really want to use IE, but if we cannot clean Firefox then I have no choice. I opened Firefox just after 6am this morning and closed it at half past. I'll post the log from Symantec so you can see that they are coming in at a rate of one per couple of seconds.

Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 4:52 am

Filename Risk Action Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date and Time
DWHE49.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHDB6E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHF2E5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH345B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH5342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH630B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH7342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH82FB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH92C5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHA27F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHB296.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHC250.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHD20A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHE1C4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHF19D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHFD70.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHD1A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH1CD4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH2C8E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH3C57.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH4C11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH5C09.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH6BC3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH7B8D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH8B46.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH9B00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHAB27.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHBB00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHCABA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHDB00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHEABA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHFA84.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHA4D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH1A07.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH29E0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH39B9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH4982.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH593C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH6906.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH78EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH88A8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH9862.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHA82B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHB7F5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHC7AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHD778.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHE741.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHF70B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH6C5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH167E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH2648.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH3602.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH41D5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH519F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH6158.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH7112.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH80CC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH9095.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHA04F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHB009.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHBFC3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHCF7D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHDF37.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHEEF0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHFEC9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHE93.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH1E6C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH2E35.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH3E1E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH4DD8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH5DC0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH6D8A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH7D53.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH8D1D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH9CF6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHACBF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHBC79.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHCC62.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHDC2B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHEBF4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHFBCD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHBA7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH1B70.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH2B49.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH3B32.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH4AFB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH56DE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH66C7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH76AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH8679.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH9661.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHA62B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHB604.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHC5CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHD597.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHE570.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHF539.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH503.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH14CC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH2495.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH344F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH4447.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH5411.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH63EA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH73A4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH836D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH9337.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHA300.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHB2E9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHC2E1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHD2AA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHE274.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHF22E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH226.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH11EF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH21B9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH31B1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH418A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH5144.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH610D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH70F6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH80EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH90B7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHA081.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHB04A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHC033.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHD02B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHE014.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHEFDD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHFFC6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHFAE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH1FA7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH2F9F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH3F68.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH4F32.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH5EFB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH6EC5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH7E8E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH8E67.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH9E50.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHAE38.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHBE30.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHCDFA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHDDE3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHEDDB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHFD95.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHD8D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH1D56.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH2D4E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH3D37.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH4D00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH5CCA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH6CA3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH7C9B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH8C65.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH9C4D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHAC55.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHBC7C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHCC74.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHDC5D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHEC26.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHFDE3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHDAC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH1D95.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH2DAC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH3D76.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH4D3F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH5DA5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH6D9D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH7970.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH8949.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH9903.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHA8CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHB896.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHC860.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHD829.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHE7D3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHF78D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH747.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH1701.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH26BA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH3665.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH461F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH55D8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH65A2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH754C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH8506.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH94C0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHA489.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHB472.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHC43B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHD3F5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHE3AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHF359.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH12FB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH22B5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH3260.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH4248.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH4E1C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH5DC6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH6D80.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH7D39.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH8CF3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH9CAD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHAC57.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHBC11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHCBCB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHDB85.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHEB4E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHFB08.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH6EB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH16B4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH266E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH3628.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH45E2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH558C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH6546.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH7500.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH84C9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH9493.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHA4AA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHB493.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHC43D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHD3F7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHE3B1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHF36A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH334.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH12EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH22A8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH3271.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH424A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH5204.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH61CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH7187.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH8131.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH90EB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHA0A5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHB06E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHC028.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHD011.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHDFDA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHEFB3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHFF6D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHF27.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH1EE1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH2E8B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH3E45.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH4DFF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH5DB8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH6D72.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH7D2C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH8CF6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH9CAF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHAC69.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHBC23.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHCBCD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHDB87.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHEB41.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHF724.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH6CE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH1688.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH2651.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH360B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH4603.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH55CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH65D5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH759E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH8558.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH9531.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHA4FA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHB4B4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHC46E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHD418.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHDFEC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHEFD4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHFF9E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWHF58.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH1F11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH32B2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH4661.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23

grutz
Newbie Surfer

Posts : 19
Joined : 2010-11-13
Operating System : win7

Re: Suspicious.MH690

Post by DragonMaster Jay on Thu 18 Nov 2010, 7:23 am

Windows Genuine Advantage checks to make sure everything in Windows is validated. It all looks to be fine.

I need to take a look at some Firefox stuff, and your whole system, in general.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 8:09 am

OTL.txt
OTL logfile created on: 18/11/2010 9:52:40 a.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shoota\Downloads\_Security
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 137.91 Gb Free Space | 29.62% Space Free | Partition Type: NTFS

Computer Name: SHOOTA-PC | User Name: shoota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 09:51:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shoota\Downloads\_Security\OTL.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 16:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/01 22:31:18 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 09:51:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shoota\Downloads\_Security\OTL.exe
MOD - [2010/08/21 18:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 14:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 14:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 14:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/14 14:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 14:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 14:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2003/12/01 05:00:00 | 001,293,824 | ---- | M] (Ixia) [Auto | Stopped] -- C:\Program Files\Ixia\Endpoint\endpoint.exe -- (IxiaEndpoint)
SRV - [2010/11/18 06:58:45 | 000,075,064 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/10 11:00:28 | 003,217,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/27 20:12:28 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/10 22:38:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/05/11 09:13:40 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/29 16:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/10 11:00:28 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/13 09:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/10/10 15:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/14 14:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 14:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 13:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 13:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 13:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/14 13:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/14 13:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/11 09:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 09:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 09:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/18 06:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007/02/16 13:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/10/18 21:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101116.049\EX64.SYS -- (NAVEX15)
DRV - [2010/10/18 21:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/18 21:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/18 21:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101116.049\ENG64.SYS -- (NAVENG)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2007/02/16 13:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 7D 37 5D 5E D1 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.backup.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.31.232.250"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.31.232.250"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.31.232.250"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 06:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 06:57:41 | 000,000,000 | ---D | M]

[2010/02/18 07:50:02 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Extensions
[2010/11/17 07:09:24 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions
[2010/11/12 21:11:47 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/06/07 23:31:14 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions\LogMeInClient@logmein.com
[2010/11/17 07:09:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/25 15:55:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 08:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 19:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/18 20:52:46 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/18 20:52:47 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/18 20:52:47 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/18 20:52:47 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/16 10:12:39 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar64.dll ()
O3 - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\shoota\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O8:64bit: - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSSE - hkey= - key= - c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: Symantec Antvirus - Service
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

grutz

Newbie Surfer

Posts : 19
Joined : 2010-11-13
Operating System : win7


Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 8:10 am

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7B4E1F48-5F63-44AE-FF35-B7941E347973} - Themes Setup
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 20:26:17 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/11/17 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/11/17 16:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory
[2010/11/17 09:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/11/17 06:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Maps
[2010/11/16 19:18:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/16 19:18:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/16 19:18:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/16 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\shoota\DoctorWeb
[2010/11/15 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/15 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/15 17:32:40 | 000,000,000 | ---D | C] -- C:\e65962a64da705aaf9bf7ca1dcf800
[2010/11/12 21:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/12 21:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 08:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/11/08 07:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/31 19:01:21 | 000,000,000 | ---D | C] -- C:\Users\shoota\Sherri
[2010/10/29 14:21:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\.nusphere
[2010/10/29 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Roaming\NuSphere
[2010/10/29 14:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PHP
[2010/10/29 14:03:22 | 000,297,984 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\midas.dll
[2010/10/29 14:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\phpED
[2010/10/29 14:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuSphere
[2010/10/28 06:50:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/28 06:50:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/28 06:49:59 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/28 06:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/28 06:49:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/28 06:49:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/28 06:49:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/28 06:49:42 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/27 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Local\Symantec
[2010/10/27 20:13:51 | 000,225,328 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2010/10/27 20:12:11 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/27 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/27 20:11:49 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2010/10/27 20:11:48 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL
[2010/10/27 20:11:48 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.DLL
[2010/10/27 20:11:48 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.DLL
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/10/25 22:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/25 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/21 13:49:29 | 000,000,000 | ---D | C] -- C:\output
[2010/10/19 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Local\Google
[2010/10/19 20:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/05/11 09:13:40 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\shoota\AppData\Roaming\pcouffin.sys
[2010/02/19 08:21:44 | 000,709,632 | ---- | C] (e-Presencia) -- C:\Program Files (x86)\posteriza.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 09:54:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 09:00:02 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\SyncBack MyBackup.job
[2010/11/18 06:58:45 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/18 06:43:27 | 000,071,785 | ---- | M] () -- C:\Users\shoota\Desktop\SuspiciousH690.csv
[2010/11/18 06:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 21:00:01 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\SyncBack Outlook.job
[2010/11/17 20:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/17 20:31:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 20:31:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 16:18:58 | 000,001,050 | ---- | M] () -- C:\Users\shoota\Desktop\Wolfenstein - Enemy Territory.lnk
[2010/11/17 06:10:45 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 05:49:59 | 000,000,166 | ---- | M] () -- C:\Users\Public\Documents\SuspiciousH690.csv
[2010/11/15 17:57:16 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/15 17:57:16 | 000,631,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/15 17:57:16 | 000,111,456 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/15 17:32:50 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/15 16:10:51 | 000,355,840 | ---- | M] () -- C:\Users\shoota\Documents\EMAIL.XLS
[2010/11/14 08:06:18 | 000,642,448 | ---- | M] () -- C:\Users\shoota\Desktop\Suspicious.MH690.jpg
[2010/11/13 22:29:31 | 000,002,089 | ---- | M] () -- C:\Users\shoota\Desktop\HijackThis.lnk
[2010/11/12 21:23:55 | 001,204,866 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/12 21:17:39 | 000,507,360 | ---- | M] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe
[2010/11/12 14:21:55 | 000,073,728 | -H-- | M] () -- C:\Users\shoota\Documents\photothumb.db
[2010/11/09 19:03:32 | 000,195,584 | ---- | M] () -- C:\Users\Public\Documents\DysonQuote.doc
[2010/11/08 16:12:08 | 000,019,164 | ---- | M] () -- C:\Users\Public\Documents\Internal Parasites.docx
[2010/11/08 16:06:15 | 000,019,491 | ---- | M] () -- C:\Users\Public\Documents\GoatDrenchRecipes.docx
[2010/11/05 12:43:50 | 000,001,135 | ---- | M] () -- C:\Users\shoota\Desktop\Advanced IP Scanner.exe - Shortcut.lnk
[2010/11/02 14:20:20 | 000,000,500 | ---- | M] () -- C:\Users\shoota\Desktop\Levin School.lnk
[2010/10/31 22:00:45 | 000,014,582 | ---- | M] () -- C:\Users\Public\Documents\cc_20101031_220031.reg
[2010/10/29 14:03:30 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\NuSphere PhpED.lnk
[2010/10/28 19:54:46 | 000,022,528 | ---- | M] () -- C:\Users\shoota\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 20:12:28 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/27 20:12:28 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/27 20:12:28 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/26 13:21:33 | 000,039,424 | ---- | M] () -- C:\Users\shoota\Desktop\LevinSchool_Unallocated.xls
[2010/10/25 22:09:28 | 000,001,254 | ---- | M] () -- C:\Users\shoota\Desktop\Spybot - Search & Destroy.lnk
[2010/10/23 13:23:40 | 000,160,136 | ---- | M] () -- C:\Users\shoota\Desktop\viewer-crop.jpg
[2010/10/22 12:19:12 | 000,001,260 | ---- | M] () -- C:\Users\shoota\Desktop\Revo Uninstaller.lnk
[2010/10/20 07:34:59 | 000,002,280 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/18 06:43:27 | 000,071,785 | ---- | C] () -- C:\Users\shoota\Desktop\SuspiciousH690.csv
[2010/11/17 16:18:58 | 000,001,050 | ---- | C] () -- C:\Users\shoota\Desktop\Wolfenstein - Enemy Territory.lnk
[2010/11/17 05:49:32 | 000,000,166 | ---- | C] () -- C:\Users\Public\Documents\SuspiciousH690.csv
[2010/11/15 17:32:50 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/14 08:06:16 | 000,642,448 | ---- | C] () -- C:\Users\shoota\Desktop\Suspicious.MH690.jpg
[2010/11/13 22:23:12 | 000,537,842 | ---- | C] () -- C:\HaxFix.exe
[2010/11/12 21:23:50 | 001,204,866 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/12 21:17:47 | 000,507,360 | ---- | C] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe
[2010/11/09 18:54:00 | 000,195,584 | ---- | C] () -- C:\Users\Public\Documents\DysonQuote.doc
[2010/11/08 16:12:08 | 000,019,164 | ---- | C] () -- C:\Users\Public\Documents\Internal Parasites.docx
[2010/11/08 16:06:14 | 000,019,491 | ---- | C] () -- C:\Users\Public\Documents\GoatDrenchRecipes.docx
[2010/11/05 12:43:50 | 000,001,135 | ---- | C] () -- C:\Users\shoota\Desktop\Advanced IP Scanner.exe - Shortcut.lnk
[2010/11/02 14:20:20 | 000,000,500 | ---- | C] () -- C:\Users\shoota\Desktop\Levin School.lnk
[2010/10/31 22:00:35 | 000,014,582 | ---- | C] () -- C:\Users\Public\Documents\cc_20101031_220031.reg
[2010/10/29 14:03:30 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\NuSphere PhpED.lnk
[2010/10/27 20:12:11 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/27 20:12:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/26 13:21:33 | 000,039,424 | ---- | C] () -- C:\Users\shoota\Desktop\LevinSchool_Unallocated.xls
[2010/10/25 22:09:28 | 000,001,254 | ---- | C] () -- C:\Users\shoota\Desktop\Spybot - Search & Destroy.lnk
[2010/10/23 13:23:36 | 000,160,136 | ---- | C] () -- C:\Users\shoota\Desktop\viewer-crop.jpg
[2010/10/20 07:34:59 | 000,002,280 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/10/19 20:49:07 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 20:49:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/08 11:11:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/23 11:52:49 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/22 11:27:59 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/14 12:53:32 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
[2010/07/08 15:28:09 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/11 13:24:09 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/05/27 10:11:22 | 000,022,528 | ---- | C] () -- C:\Users\shoota\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 17:56:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/20 17:55:13 | 000,019,310 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/05/18 02:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/11 09:14:25 | 000,000,034 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.log
[2010/05/11 09:13:40 | 000,093,696 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\ezpinst.exe
[2010/05/11 09:13:40 | 000,007,176 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.cat
[2010/05/11 09:13:40 | 000,001,167 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.inf
[2010/04/29 07:34:08 | 000,007,624 | ---- | C] () -- C:\Users\shoota\AppData\Local\Resmon.ResmonCfg
[2010/03/29 10:20:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/05 07:50:03 | 000,004,561 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\stopword.askw
[2010/02/19 08:13:53 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2010/02/18 14:04:21 | 000,000,148 | ---- | C] () -- C:\Windows\OPHG.INI
[2009/08/16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 10:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/12/28 20:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2005/01/17 20:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 20:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/14 18:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 18:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 18:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 18:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 09:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 17:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009/03/08 20:59:16 | 000,709,632 | ---- | M] (e-Presencia) -- C:\Program Files (x86)\posteriza.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/17 19:14:23 | 000,000,285 | -HS- | M] () -- C:\Users\shoota\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/12 21:17:39 | 000,507,360 | ---- | M] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 10:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/29 06:57:39 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/10/29 06:57:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/10/29 06:57:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2010/10/29 06:57:40 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/03 07:01:23 | 000,000,402 | -HS- | M] () -- C:\Users\shoota\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/21 21:16:40 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2010/06/03 08:51:16 | 000,007,052 | R--- | M] () -- C:\CLDMA.LOG
[2010/04/04 13:04:57 | 000,537,842 | ---- | M] () -- C:\HaxFix.exe
[2010/11/17 06:10:45 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 06:10:48 | 2135,429,119 | -HS- | M] () -- C:\pagefile.sys
[2010/10/25 18:04:22 | 000,000,443 | ---- | M] () -- C:\rkill.log
[2010/06/03 09:07:23 | 000,009,738 | ---- | M] () -- C:\scramble.log

< %PROGRAMFILES%\*. >
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2BrightSparks
[2010/04/16 12:06:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ACD Systems
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acro Software
[2010/04/29 07:20:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Advanced IP Scanner
[2010/03/11 00:32:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ahead
[2010/08/05 01:14:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/09 08:23:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/08/04 05:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/09/07 23:22:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/05/11 09:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CloneDVD
[2010/11/17 09:46:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/06/03 08:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/10/18 17:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digital Assembly
[2010/08/04 05:13:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Documents To Go Desktop
[2010/03/11 00:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2010/05/11 08:01:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010/11/15 20:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2010/04/03 11:38:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FireTrust
[2010/10/20 07:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/03/11 00:32:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GPLGS
[2010/10/03 07:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/15 05:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/11/16 19:18:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/03/11 00:22:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Macromedia
[2010/06/03 08:01:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/31 08:12:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/10/08 11:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/11/15 17:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/30 09:53:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/03/11 00:22:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/11/08 07:26:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/02 18:29:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/03/11 00:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/03/11 00:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/10 21:03:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/23 15:05:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/03 18:47:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/10/29 06:57:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/03/11 00:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/11/08 08:40:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/03/11 00:08:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/07 15:22:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\nLite
[2010/10/29 14:02:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NuSphere
[2010/05/07 13:55:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Okidata
[2010/06/07 18:45:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PhotoScape
[2010/03/11 00:23:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\plasq
[2010/07/08 07:18:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProfaxWin
[2010/05/05 10:51:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QS
[2010/08/05 01:14:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/03/11 00:23:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/11/17 09:46:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/05/11 08:13:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft
[2010/07/16 05:35:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SOFTplus
[2010/08/02 17:07:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sonic Foundry
[2010/09/19 13:04:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/09/19 13:03:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony Setup
[2010/10/25 22:15:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/27 20:11:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/07/08 07:18:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SyncrifyClient
[2010/08/01 16:36:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2010/06/03 09:37:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The KMPlayer
[2010/10/09 12:35:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009/07/14 17:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/03/29 17:46:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/03/11 00:23:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2010/06/03 09:20:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Win7codecs
[2010/03/11 00:23:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/08/02 18:30:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/03/31 08:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 07:21:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/15 05:56:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2010/03/11 00:23:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/03/11 00:23:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 18:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/03/11 00:33:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/08/31 17:32:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZip
[2010/11/17 19:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory
[2010/11/17 06:14:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wolfenstein - Maps
[2010/06/26 16:29:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

< %appdata%\*.* >
[2010/05/11 09:13:40 | 000,093,696 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\ezpinst.exe
[2010/05/11 09:13:40 | 000,007,176 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.cat
[2010/05/11 09:13:40 | 000,001,167 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.inf
[2010/05/11 09:14:25 | 000,000,034 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.log
[2010/05/11 09:13:40 | 000,082,048 | ---- | M] (VSO Software) -- C:\Users\shoota\AppData\Roaming\pcouffin.sys
[2010/03/05 07:50:10 | 000,004,561 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\stopword.askw


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:AGP440.sys
[2009/07/14 14:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 14:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:atapi.sys
[2009/07/14 14:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 14:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 14:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:disk.sys
[2009/07/14 14:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 14:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\Public\Documents\New folder\P7P55D-E\IMSM_V8901023\Driver\Disk\f6flpy64\IaStor.sys
[2009/06/04 22:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Public\Documents\New folder\IaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Public\Documents\New folder\P7P55D-E\IMSM_V8901023\Driver\Disk\f6flpy32\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 14:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 14:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 14:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\shoota\Downloads\_Drivers\Motherboards\Gigabyte GA-K8NXP-9\BootDisk Raid\NVATABUS.SYS
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\shoota\My Documents\40GB Drive\Downloads\_Drivers\Motherboards\Gigabyte GA-K8NXP-9\BootDisk Raid\NVATABUS.SYS
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\Disk\NvAtaBus.sys
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\Win2K\NvAtaBus.sys
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\WinXP\NvAtaBus.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 14:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 14:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 14:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:usbstor.sys
[2009/07/14 13:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/14 13:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:4D32E5D044D8E894
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

grutz

Newbie Surfer

Posts : 19
Joined : 2010-11-13
Operating System : win7

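The OTL report above ends with two alternate data streams (C:\Windows:4D32E5D044D8E894 and C:\ProgramData\TEMP:DFC5A2B2) but shows only their sizes. The script below is an added example, not part of the original post and not OTL's code: it enumerates NTFS alternate data streams on a path and prints a hex preview of each, so a stream can be inspected rather than just listed. It assumes Windows PowerShell 3.0 or later (the -Stream parameter) and an elevated prompt for streams under C:\Windows; the function and parameter names are my own.

```powershell
# Added example, not from the thread or from OTL: list NTFS alternate data
# streams (ADS) on a path and show the first bytes of each as hex.
# Assumes Windows PowerShell 3.0+ (-Stream) and an elevated prompt for
# C:\Windows. On PowerShell 7 replace "-Encoding Byte" with "-AsByteStream".

function Get-AlternateStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse,
        # Zone.Identifier is the mark-of-the-web stream browsers write on
        # downloads; it is expected noise, so it is skipped by default.
        [string[]] $Ignore = @('Zone.Identifier')
    )
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    if ($Recurse) {
        $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    }
    foreach ($item in $items) {
        # ':$DATA' is the file's ordinary content; every other stream is an ADS.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $Ignore -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

function Get-StreamHexPreview {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Stream,
        [int] $MaxBytes = 64
    )
    # Read the stream itself (path:stream), not the file's main content.
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte `
        -ReadCount 0 -TotalCount $MaxBytes -ErrorAction Stop
    ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
}

# Usage: the two paths are the ones listed under "Alternate Data Streams" in
# the report above; substitute your own findings on another machine.
'C:\Windows', 'C:\ProgramData\TEMP' |
    ForEach-Object { Get-AlternateStreams -Path $_ } |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Hex `
            -NotePropertyValue (Get-StreamHexPreview -Path $_.Path -Stream $_.Stream) -PassThru
    } |
    Format-Table -AutoSize
```

A stream on a directory (C:\Windows itself rather than a file in it) is listed by the same call; if an older Windows PowerShell build returns nothing for a directory, `cmd /c dir /r C:\Windows` shows the same streams. A short stream with a hexadecimal name is not evidence of anything by itself; the contents are what you judge.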

Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 8:11 am

Extras.txt
OTL Extras logfile created on: 18/11/2010 9:52:40 a.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shoota\Downloads\_Security
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 137.91 Gb Free Space | 29.62% Space Free | Partition Type: NTFS

Computer Name: SHOOTA-PC | User Name: shoota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{1FDA65E4-7C46-49AA-9721-A734125D68F3}" = Symantec Endpoint Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"DTGDesktop" = Documents To Go Desktop for iPhone
"DVD Shrink_is1" = DVD Shrink 3.2
"Endpoint" = Ixia Endpoint for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GSiteCrawler" = GSiteCrawler
"HijackThis" = HijackThis 2.0.2
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MailWasher Pro_is1" = MailWasher Pro
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 3.5
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"nLite_is1" = nLite 1.4.9.1
"NuSphere PhpED_is1" = NuSphere PhpED version 5.9.5
"PhotoScape" = PhotoScape
"PHP Documentor_is1" = Php Documentor version 1.4.2 for NuSphere PhpED
"PHP_is1" = php-4.4.9 for NuSphere PhpED
"PHP5_is1" = php-5.2.13 for NuSphere PhpED
"PHP53_is1" = php-5.3.2 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"Profax Accounting" = Profax Accounting
"Qcheck" = Ixia Qcheck
"Revo Uninstaller" = Revo Uninstaller 1.90
"SyncBack_is1" = SyncBack
"SyncrifyClient" = SyncrifyClient
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/11/2010 10:44:33 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10094

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11092

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11092

Error - 17/11/2010 1:05:23 p.m. | Computer Name = shoota-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: C:\Users\shoota\AppData\Local\Temp\DWHE49.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 17/11/2010 1:24:48 p.m. | Computer Name = shoota-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rtvscan.exe, version: 11.0.6000.419, time
stamp: 0x4bb57114 Faulting module name: Rtvscan.exe, version: 11.0.6000.419, time
stamp: 0x4bb57114 Exception code: 0xc0000005 Fault offset: 0x00094115 Faulting process
id: 0x8a8 Faulting application start time: 0x01cb85b148f0fa89 Faulting application
path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe Faulting
module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Report
Id: 935803c0-f26f-11df-aeb8-0026b90d3818

Error - 17/11/2010 3:20:07 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 17/11/2010 3:27:36 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 17/11/2010 3:33:31 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 17/11/2010 3:38:26 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 27/04/2010 12:55:18 a.m. | Computer Name = shoota-PC | Source = MCUpdate | ID = 0
Description = 4:55:18 p.m. - Error connecting to the internet. 4:55:18 p.m. -
Unable to contact server..

Error - 27/04/2010 1:55:27 a.m. | Computer Name = shoota-PC | Source = MCUpdate | ID = 0
Description = 5:55:26 p.m. - Error connecting to the internet. 5:55:26 p.m. -
Unable to contact server..

[ OSession Events ]
Error - 4/07/2010 10:21:13 p.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77121
seconds with 6900 seconds of active time. This session ended with a crash.

Error - 16/08/2010 1:25:38 p.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 146
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/08/2010 3:47:35 a.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/11/2010 10:44:15 a.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 1:04:35 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 1:24:51 p.m. | Computer Name = shoota-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 17/11/2010 1:32:27 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 1:58:41 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 2:51:02 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 3:14:55 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:22:29 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:30:55 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:36:07 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838


< End of report >


Re: Suspicious.MH690

Post by DragonMaster Jay on Thu 18 Nov 2010, 4:49 pm

FF - prefs.js..network.proxy.backup.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.31.232.250"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.31.232.250"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.31.232.250"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

Did you configure this proxy in Firefox?


~DMJ
GeekPolice Academy Manager

DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz
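The prefs.js lines quoted in the post above show proxy hosts for every protocol, yet Firefox only honours them when network.proxy.type says so. The script below is an added example, not from the thread and not Mozilla's code: it parses a prefs.js and reports whether the listed hosts are actually in use. The mapping it relies on is Firefox's own (0 = no proxy, 1 = manual, 2 = PAC script, 4 = auto-detect, 5 = system settings); the network.proxy.backup.* keys are the per-protocol values Firefox saves when share_proxy_settings is switched on and are not used for connections. The function names are my own, and the sample text is constructed from the lines quoted above.

```powershell
# Added example, not from the thread or from Mozilla: read a Firefox prefs.js
# and say whether its proxy host lines are in effect. Firefox decides by
# network.proxy.type: 0 = no proxy, 1 = manual (host/port lines used),
# 2 = PAC script, 4 = auto-detect (WPAD), 5 = system proxy settings.

function ConvertFrom-FirefoxPrefs {
    param([Parameter(Mandatory)] [string] $Text)
    $prefs = @{}
    # Each entry is user_pref("name", value); value is a quoted string,
    # an integer or true/false.
    foreach ($m in [regex]::Matches($Text, 'user_pref\("([^"]+)",\s*(.+?)\);')) {
        $raw = $m.Groups[2].Value.Trim()
        $prefs[$m.Groups[1].Value] = switch -Regex ($raw) {
            '^"(.*)"$'       { $Matches[1]; break }
            '^(true|false)$' { [bool]::Parse($raw); break }
            '^-?\d+$'        { [int]$raw; break }
            default          { $raw }
        }
    }
    return $prefs
}

function Get-FirefoxProxyState {
    param([Parameter(Mandatory)] [hashtable] $Prefs)
    $modes = @{ 0 = 'no proxy'; 1 = 'manual'; 2 = 'PAC script'; 4 = 'auto-detect (WPAD)'; 5 = 'system settings' }
    # prefs.js stores only values that differ from the built-in default, so a
    # missing key means "Firefox default"; report that rather than guess it.
    $type = if ($Prefs.ContainsKey('network.proxy.type')) { [int]$Prefs['network.proxy.type'] } else { -1 }
    $hosts = $Prefs.Keys |
        Where-Object { $_ -match '^network\.proxy\.(http|ssl|ftp|socks|gopher)$' } |
        Sort-Object |
        ForEach-Object { '{0}={1}:{2}' -f $_.Split('.')[-1], $Prefs[$_], $Prefs["${_}_port"] }
    [pscustomobject]@{
        Type            = $type
        Mode            = if ($type -ge 0) { $modes[$type] } else { 'default (not stored)' }
        ManualHostsUsed = ($type -eq 1)
        ConfiguredHosts = ($hosts -join ', ')
        PacUrl          = $Prefs['network.proxy.autoconfig_url']
    }
}

# Constructed sample mirroring the post above: hosts present, type set to 0.
$sample = @'
user_pref("network.proxy.backup.ssl", "172.31.232.250");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.http", "172.31.232.250");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "172.31.232.250");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 0);
'@
Get-FirefoxProxyState -Prefs (ConvertFrom-FirefoxPrefs -Text $sample)

# Live profiles on this machine:
# Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" |
#   ForEach-Object { Get-FirefoxProxyState -Prefs (ConvertFrom-FirefoxPrefs -Text (Get-Content $_ -Raw)) }
```

For the sample, the check reports the mode as "no proxy" with ManualHostsUsed false even though 172.31.232.250:3128 is still listed, which is the situation the poster describes: the host entries are leftovers, not an active redirect. A type of 1 with an unexpected host, or a type of 2 with an unfamiliar PAC URL, is what would warrant concern.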

Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 6:36 pm

Yes, it is one of the proxies at a school, but they no longer have a proxy server. Firefox is set to "no proxy", but the settings remain there; however, they are grayed out.

I've had to use Firefox a couple of times today because I'm testing a website design to make sure it displays correctly. I'll go check the logs in Symantec to see if our worm has been detected since this morning.


Re: Suspicious.MH690

Post by grutz on Thu 18 Nov 2010, 6:45 pm

Good news...no more infected temp files since this morning. Do you think I should go back to making Firefox the default browser?

shoota


Re: Suspicious.MH690

Post by DragonMaster Jay on Fri 19 Nov 2010, 3:35 pm

I doubt we are dealing with a worm here. Those temp files above look normal.

However, Symantec is not supposed to be quarantining in the temp directory.

That detection, Sus.MH690, is some crazy heuristics method from Symantec to judge new malware. It has been known to foul up.


~DMJ

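The thread turns on whether every Suspicious.MH690 hit is the same kind of file (a DWH*.tmp in the user's Temp folder, as in the Application event quoted earlier) or whether other paths are involved. The script below is an added example, not from the thread and not Symantec's code: it parses the "Security Risk Found" message the Symantec AntiVirus provider writes to the Application log and tallies detections by name and by that file pattern. The function names and the regex are my own; the sample message is constructed from the event in the post above, joined onto one line.

```powershell
# Added example, not from the thread or from Symantec: parse "Security Risk
# Found" events from the Symantec AntiVirus provider in the Application log
# and tally them by detection name and by whether the file was a DWH*.tmp in
# a Temp folder. The parser runs on a constructed sample; the Get-WinEvent
# call reads the live log.

function ConvertFrom-SymantecRiskEvent {
    param([Parameter(Mandatory)] [string] $Message)
    # Message shape, as logged:
    #   Security Risk Found!<name> in File: <path> by: <scanner> scan. Action: <action>. Action Description: ...
    $pattern = 'Security Risk Found!(?<name>.+?)\s+in File:\s+(?<path>.+?)\s+by:\s+(?<scan>.+?)\s+scan\.\s+Action:\s+(?<action>.+?)(?:\.\s*Action Description|$)'
    $m = [regex]::Match($Message, $pattern, 'Singleline')
    if (-not $m.Success) { return $null }
    $path = $m.Groups['path'].Value.Trim()
    [pscustomobject]@{
        Detection = $m.Groups['name'].Value.Trim()
        Path      = $path
        FileName  = [System.IO.Path]::GetFileName($path)
        Scanner   = $m.Groups['scan'].Value.Trim()
        Action    = $m.Groups['action'].Value.Trim()
        # The pattern seen throughout this thread: DWH<hex>.tmp under a Temp folder.
        IsTempDwh = ($path -match '\\Temp\\DWH[0-9A-F]+\.tmp$')
    }
}

function Get-SymantecRiskEvents {
    param([int] $Days = 7)
    # Provider name exactly as it appears in the Source column of the OTL extract above.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Symantec AntiVirus'
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-SymantecRiskEvent -Message $_.Message } |
        Where-Object { $_ }
}

# Constructed sample, copied from the event quoted in the post above.
$sample = 'Security Risk Found!Suspicious.MH690 in File: C:\Users\shoota\AppData\Local\Temp\DWHE49.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.'
ConvertFrom-SymantecRiskEvent -Message $sample | Format-List

# Live: last week of detections, grouped by name and by the DWH*.tmp pattern.
Get-SymantecRiskEvents | Group-Object Detection, IsTempDwh | Select-Object Count, Name
```

If every group in the live output has IsTempDwh true and the same detection name, the hits are confined to the pattern discussed in this thread; any group with IsTempDwh false points at a file worth pulling from quarantine and examining on its own.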
